SYN_RECV DDoS attack on CentOS Server

For the last few days, a server has been getting too many SYN_RECV attacks.
 
I tried to stop it with APF antidos and mod_evasive.
 
It stopped the attack. But today it started again, maybe with more strength; there were more than 1500 SYN_REC requests, and Apache stopped working.
 
Today I banned a few attacker IPs with the APF firewall.
 
netstat will show the number of connections each IP has. Banning IPs with too many SYN_REC entries will help if the attack is not spoofed.
 

# netstat -n -p | grep SYN_REC | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -rn

 
To block an IP with APF Firewall (or with CSF, using the second command), use
 
# apf -d IPADDRESS
# csf -d IPADDRESS
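
A fuller version of the counting step above, as an added example that is not from the original post: it reads `netstat -n` output, counts SYN_RECV entries per remote address (including IPv6 and IPv4-mapped addresses, which `awk -F:` cuts in the wrong place), and lists the addresses at or above a threshold. The function names, the default threshold of 20 and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: count half-open (SYN_RECV) connections per remote address.
# Reads `netstat -n` style output on stdin; the threshold is an assumed cut-off.

# Print "COUNT ADDRESS" for every remote address in SYN_RECV, busiest first.
syn_recv_counts() {
    awk '$1 ~ /^tcp/ && $6 == "SYN_RECV" {
             addr = $5
             sub(/:[0-9]+$/, "", addr)      # strip the port, keep IPv6 colons
             sub(/^::ffff:/, "", addr)      # IPv4-mapped IPv6 -> plain IPv4
             n[addr]++
         }
         END { for (a in n) print n[a], a }' | sort -k1,1nr -k2,2
}

# Print only the addresses with at least THRESHOLD half-open connections.
syn_recv_offenders() {
    threshold=${1:-20}
    syn_recv_counts | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# Constructed sample in Linux `netstat -n` layout (documentation addresses).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40113      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40114      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:51000       SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:51544       ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:40115 SYN_RECV
tcp6       0      0 2001:db8::10:80         2001:db8::bad:33000     SYN_RECV
EOF
}

# On a live server: netstat -n | syn_recv_offenders 20
```

If `syn_recv_counts` shows a long list of addresses with only one or two entries each, that matches the spoofed case mentioned above, where per-IP bans will not help.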
 
 


  • lonelicloud

    Hi, my VPS is suffering from this type of attack now. I can ban the IP, but there is still too much bandwidth wasted by this attack. Could you give me some advice on how to avoid this?